[ Monday, April 13, 2009 ]
What's your reaction been to ARRA and HITECH?
The so-called Stimulus Bill (ARRA) contained the acronymiously adventurous HITECH provisions (that's the Health Information Technology for Econimic and Clinical Health Act), which strengthened HIPAA penalties, added more potential HIPAA regulators and enforcers, and made more people subject to HIPAA. But I haven't seen that many people with panic in their eyes like when HIPAA first came out. I'm not alone
Actually, that article is spot-on. To the extent anyone is doing anything with this tranch of HIPAA regulation, it's that they're revisiting their existing policies. I'm recommending to clients that they do the same.
I'm also recommending that, while they're at it, they use that impetus, and the structure of their HIPAA Security policies, to develop Red Flags Rule compliance programs
. As I n0te in the eBrief, it's not exactly clear that most healthcare providers are subject to the Red Flags Rule. But the FTC thinks you are, and while you might win that fight, it could be expensive. It's a lot cheaper, and can be a value-added component of your HIPAA Security policies, to put an Identity Theft Prevention Program in place. I've done it with a couple of clients now, and it can be pretty cheap and easy if you've got a good HIPAA Security program in place. Use the team that put your HIPAA Security policies together, follow the FTC guidance
, draft a policy, and you're done. [Well, you've got to follow it too, but that's something you really should do anyway.]
Jeff [10:23 AM]
Blogger: HIPAA Blog - Edit your Template